Install Azure Backup Server on Azure Stack
This article explains how to install Azure Backup Server on Azure Stack. With Azure Backup Server, you can protect Infrastructure as a Service (IaaS) workloads such as virtual machines running in Azure Stack. A benefit of using Azure Backup Server to protect your workloads is you can manage all workload protection from a single console.
To learn about security capabilities, refer to Azure Backup security features documentation.
Azure Backup Server protection matrix
Azure Backup Server protects the following Azure Stack virtual machine workloads.
|Protected data source||Protection and recovery|
|Windows Server Semi Annual Channel - Datacenter/Enterprise/Standard||Volumes, files, folders|
|Windows Server 2016 - Datacenter/Enterprise/Standard||Volumes, files, folders|
|Windows Server 2012 R2 - Datacenter/Enterprise/Standard||Volumes, files, folders|
|Windows Server 2012 - Datacenter/Enterprise/Standard||Volumes, files, folders|
|Windows Server 2008 R2 - Datacenter/Enterprise/Standard||Volumes, files, folders|
|SQL Server 2016||Database|
|SQL Server 2014||Database|
|SQL Server 2012 SP1||Database|
|SharePoint 2016||Farm, database, frontend, web server|
|SharePoint 2013||Farm, database, frontend, web server|
|SharePoint 2010||Farm, database, frontend, web server|
Prerequisites for the Azure Backup Server environment
Consider the recommendations in this section when installing Azure Backup Server in your Azure Stack environment. The Azure Backup Server installer checks that your environment has the necessary prerequisites, but you'll save time by preparing before you install.
Determining size of virtual machine
To run Azure Backup Server on an Azure Stack virtual machine, use size A2 or larger. For assistance in choosing a virtual machine size, download the Azure Stack VM size calculator.
Virtual Networks on Azure Stack virtual machines
All virtual machines used in an Azure Stack workload must belong to the same Azure virtual network and Azure Subscription.
Azure Backup Server VM performance
If shared with other virtual machines, the storage account size and IOPS limits impact Azure Backup Server VM performance. For this reason, you should use a separate storage account for the Azure Backup Server virtual machine. The Azure Backup agent running on the Azure Backup Server needs temporary storage for:
- its own use (a cache location),
- data restored from the cloud (local staging area)
Configuring Azure Backup temporary disk storage
Each Azure Stack virtual machine comes with temporary disk storage, which is available to the user as volume
D:\. The local staging area needed by Azure Backup can be configured to reside in
D:\, and the cache location can be placed on
C:\. In this way, no storage needs to be carved away from the data disks attached to the Azure Backup Server virtual machine.
Storing backup data on local disk and in Azure
Azure Backup Server stores backup data on Azure disks attached to the virtual machine, for operational recovery. Once the disks and storage space are attached to the virtual machine, Azure Backup Server manages storage for you. The amount of backup data storage depends on the number and size of disks attached to each Azure Stack virtual machine. Each size of Azure Stack VM has a maximum number of disks that can be attached to the virtual machine. For example, A2 is four disks. A3 is eight disks. A4 is 16 disks. Again, the size and number of disks determines the total backup storage pool.
You should not retain operational recovery (backup) data on Azure Backup Server-attached disks for more than five days.
Storing backup data in Azure reduces backup infrastructure on Azure Stack. If data is more than five days old, it should be stored in Azure.
To store backup data in Azure, create or use a Recovery Services vault. When preparing to back up the Azure Backup Server workload, you configure the Recovery Services vault. Once configured, each time a backup job runs, a recovery point is created in the vault. Each Recovery Services vault holds up to 9999 recovery points. Depending on the number of recovery points created, and how long they are retained, you can retain backup data for many years. For example, you could create monthly recovery points, and retain them for five years.
If you want to scale your deployment, you have the following options:
- Scale up - Increase the size of the Azure Backup Server virtual machine from A series to D series, and increase the local storage per the Azure Stack virtual machine instructions.
- Offload data - send older data to Azure and retain only the newest data on the storage attached to the Azure Backup Server.
- Scale out - Add more Azure Backup Servers to protect the workloads.
.NET Framework 3.5 SP1 or higher must be installed on the virtual machine.
Joining a domain
The Azure Backup Server virtual machine must be joined to a domain. A domain user with administrator privileges must install Azure Backup Server on the virtual machine.
Using an IaaS VM in Azure Stack
When choosing a server for Azure Backup Server, start with a Windows Server 2012 R2 Datacenter or Windows Server 2016 Datacenter gallery image. The article, Create your first Windows virtual machine in the Azure portal, provides a tutorial for getting started with the recommended virtual machine. The recommended minimum requirements for the server virtual machine (VM) should be: A2 Standard with two cores and 3.5-GB RAM.
Protecting workloads with Azure Backup Server has many nuances. The article, Install DPM as an Azure virtual machine, helps explain these nuances. Before deploying the machine, read this article completely.
Azure Backup Server is designed to run on a dedicated, single-purpose virtual machine. You cannot install Azure Backup Server on:
- A computer running as a domain controller
- A computer on which the Application Server role is installed
- A computer on which Exchange Server is running
- A computer that is a node of a cluster
Always join Azure Backup Server to a domain. If you need to move Azure Backup Server to a different domain, first install Azure Backup Server, then join it to the new domain. Once you deploy Azure Backup Server, you can't move it to a new domain.
Create a Recovery Services vault
A Recovery Services vault is an entity that stores the backups and recovery points created over time. The Recovery Services vault also contains the backup policies that are associated with the protected virtual machines.
To create a Recovery Services vault:
Sign in to your subscription in the Azure portal.
On the left menu, select All services.
In the All services dialog box, enter Recovery Services. The list of resources filters according to your input. In the list of resources, select Recovery Services vaults.
The list of Recovery Services vaults in the subscription appears.
On the Recovery Services vaults dashboard, select Add.
The Recovery Services vault dialog box opens. Provide values for the Name, Subscription, Resource group, and Location.
Name: Enter a friendly name to identify the vault. The name must be unique to the Azure subscription. Specify a name that has at least two, but not more than 50 characters. The name must start with a letter and consist only of letters, numbers, and hyphens.
Subscription: Choose the subscription to use. If you're a member of only one subscription, you'll see that name. If you're not sure which subscription to use, use the default (suggested) subscription. There are multiple choices only if your work or school account is associated with more than one Azure subscription.
Resource group: Use an existing resource group or create a new one. To see the list of available resource groups in your subscription, select Use existing, and then select a resource from the drop-down list box. To create a new resource group, select Create new and enter the name. For complete information about resource groups, see Azure Resource Manager overview.
Location: Select the geographic region for the vault. To create a vault to protect virtual machines, the vault must be in the same region as the virtual machines.
If you're not sure of the location of your VM, close the dialog box. Go to the list of virtual machines in the portal. If you have virtual machines in several regions, create a Recovery Services vault in each region. Create the vault in the first location, before you create the vault for another location. There's no need to specify storage accounts to store the backup data. The Recovery Services vault and the Azure Backup service handle that automatically.
When you're ready to create the Recovery Services vault, select Create.
It can take a while to create the Recovery Services vault. Monitor the status notifications in the Notifications area at the upper-right corner of the portal. After your vault is created, it's visible in the list of Recovery Services vaults. If you don't see your vault, select Refresh.
Set Storage Replication
The Recovery Services vault storage replication option allows you to choose between geo-redundant storage and locally redundant storage. By default, Recovery Services vaults use geo-redundant storage. If this vault is your primary vault, leave the storage option set to geo-redundant storage. Choose locally redundant storage if you want a cheaper option that is less durable. Read more about geo-redundant and locally redundant storage options in the Azure Storage replication overview.
To edit the storage replication setting:
Select your vault to open the vault dashboard and the Settings menu. If the Settings menu doesn't open, click All settings in the vault dashboard.
On the Settings menu, click Backup Infrastructure > Backup Configuration to open the Backup Configuration menu. On the Backup Configuration menu, choose the storage replication option for your vault.
Download Azure Backup Server installer
There are two ways to download the Azure Backup Server installer. You can download the Azure Backup Server installer from the Microsoft Download Center. You can also download Azure Backup Server installer as you are configuring a Recovery Services vault. The following steps walk you through downloading the installer from the Azure portal while configuring a Recovery Services vault.
From your Azure Stack virtual machine, sign in to your Azure subscription in the Azure portal.
In the left-hand menu, select All Services.
In the All services dialog, type Recovery Services. As you begin typing, your input filters the list of resources. Once you see it, select Recovery Services vaults.
The list of Recovery Services vaults in the subscription appears.
From the list of Recovery Services vaults, select your vault to open its dashboard.
In the vault's Getting Started menu, click Backup to open the Getting Started wizard.
The backup menu opens.
In the backup menu, from the Where is your workload running menu, select On-premises. From the What do you want to backup? drop-down menu, select the workloads you want to protect using Azure Backup Server. If you aren't sure which workloads to select, choose Hyper-V Virtual Machines and then click Prepare Infrastructure.
The Prepare infrastructure menu opens.
In the Prepare infrastructure menu, click Download to open a web page to download Azure Backup Server installation files.
The Microsoft web page that hosts the downloadable files for Azure Backup Server, opens.
In the Microsoft Azure Backup Server download page, select a language, and click Download.
The Azure Backup Server installer is composed of eight files - an installer and seven .bin files. Check File Name to select all required files and click Next. Download all files to the same folder.
The download size of all installation files is larger than 3 GB. On a 10-Mbps download link, downloading all installation files may take up to 60 minutes. The files download to your specified download location.
Extract Azure Backup Server install files
After you've downloaded all files to your Azure Stack virtual machine, go to the download location. The first phase of installing Azure Backup Server is to extract the files.
To start the installation, from the list of downloaded files, click MicrosoftAzureBackupserverInstaller.exe.
At least 4GB of free space is required to extract the setup files.
In the Azure Backup Server wizard, click Next to continue.
Choose the path for the Azure Backup Server files, and click Next.
Verify the extraction location, and click Extract.
The wizard extracts the files and readies the installation process.
Once the extraction process completes, click Finish. By default, Execute setup.exe is selected. When you click Finish, Setup.exe installs Microsoft Azure Backup Server to the specified location.
Install the software package
In the previous step, you clicked Finish to exit the extraction phase, and start the Azure Backup Server setup wizard.
Azure Backup Server shares code with Data Protection Manager. You will see references to Data Protection Manager and DPM in the Azure Backup Server installer. Though Azure Backup Server and Data Protection Manager are separate products, these products are closely related.
To launch the setup wizard, click Microsoft Azure Backup Server.
On the Welcome screen, click Next.
On the Prerequisite Checks screen, click Check to determine if the hardware and software prerequisites for Azure Backup Server have been met.
If your environment has the necessary prerequisites, you will see a message indicating that the machine meets the requirements. Click Next.
If your environment doesn't meet the necessary prerequisites, the issues will be specified. The prerequisites that were not met are also listed in the DpmSetup.log. Resolve the prerequisite errors, and then run Check Again. Installation can't proceed until all prerequisites are met.
Microsoft Azure Backup Server requires SQL Server. The Azure Backup Server installation package comes bundled with the appropriate SQL Server binaries. If you want to use your own SQL installation, you can. However, the recommended choice is let the installer add a new instance of SQL Server. To ensure your choice works with your environment, click Check and Install.
Azure Backup Server will not work with a remote SQL Server instance. The instance used by Azure Backup Server must be local.
After checking, if the virtual machine has the necessary prerequisites to install Azure Backup Server, click Next.
If a failure occurs with a recommendation to restart the machine, then restart the machine. After restarting the machine, restart the installer, and when you get to the SQL Settings screen, click Check Again.
In the Installation Settings, provide a location for the installation of Microsoft Azure Backup server files and click Next.
The scratch location is required to back up to Azure. Ensure the size of the scratch location is equivalent to at least 5% of the data planned to be backed up to Azure. For disk protection, separate disks need to be configured once the installation completes. For more information regarding storage pools, see Configure storage pools and disk storage.
On the Security Settings screen, provide a strong password for restricted local user accounts and click Next.
On the Microsoft Update Opt-In screen, select whether you want to use Microsoft Update to check for updates and click Next.
We recommend having Windows Update redirect to Microsoft Update, which offers security and important updates for Windows and other products like Microsoft Azure Backup Server.
Review the Summary of Settings and click Install.
When Azure Backup Server finishes installing, the installer immediately launches the Microsoft Azure Recovery Services agent installer.
The Microsoft Azure Recovery Services Agent installer opens, and checks for Internet connectivity. If Internet connectivity is available, proceed with the installation. If there is no connectivity, provide proxy details to connect to the Internet. Once you've specified your proxy settings, click Next.
To install the Microsoft Azure Recovery Services Agent, click Install.
The Microsoft Azure Recovery Services agent, also called the Azure Backup agent, configures the Azure Backup Server to the Recovery Services vault. Once configured, Azure Backup Server will always backup data to the same Recovery Services vault.
Once the Microsoft Azure Recovery Services agent finishes installing, click Next to start the next phase: registering Azure Backup Server with the Recovery Services vault.
The installer launches the Register Server Wizard.
Switch to your Azure subscription and your Recovery Services vault. In the Prepare Infrastructure menu, click Download to download vault credentials. If the Download button in step 2 is not active, select Already downloaded or using the latest Azure Backup Server installation to activate the button. The vault credentials download to the location where you store downloads. Be aware of this location because you'll need it for the next step.
In the Vault Identification menu, click Browse to find the Recovery Services vault credentials.
In the Select Vault Credentials dialog, go to the download location, select your vault credentials, and click Open.
The path to the credentials appears in the Vault Identification menu. Click Next to advance to the Encryption Setting.
In the Encryption Setting dialog, provide a passphrase for the backup encryption, and a location to store the passphrase, and click Next.
You can provide your own passphrase, or use the passphrase generator to create one for you. The passphrase is yours, and Microsoft does not save or manage this passphrase. To prepare for a disaster, save your passphrase to an accessible location.
Once you click Next, the Azure Backup Server is registered with the Recovery Services vault. The installer continues installing SQL Server and the Azure Backup Server.
When the installer completes, the Status shows that all software has been successfully installed.
When installation completes, the Azure Backup Server console and the Azure Backup Server PowerShell icons are created on the server desktop.
Add backup storage
The first backup copy is kept on storage attached to the Azure Backup Server machine. For more information about adding disks, see Add Modern Backup storage.
You need to add backup storage even if you plan to send data to Azure. In the Azure Backup Server architecture, the Recovery Services vault holds the second copy of the data while the local storage holds the first (and mandatory) backup copy.
Azure Backup Server requires connectivity to the Azure Backup service for the product to work successfully. To validate whether the machine has the connectivity to Azure, use the
Get-DPMCloudConnection cmdlet in the Azure Backup Server PowerShell console. If the output of the cmdlet is TRUE, then connectivity exists, else there is no connectivity.
At the same time, the Azure subscription needs to be in a healthy state. To find out the state of your subscription and to manage it, sign in to the subscription portal.
Once you know the state of the Azure connectivity and of the Azure subscription, you can use the table below to find out the impact on the backup/restore functionality offered.
|Connectivity State||Azure Subscription||Back up to Azure||Back up to disk||Restore from Azure||Restore from disk|
|Connected||Deprovisioned||Stopped||Stopped||Stopped and Azure recovery points deleted||Stopped|
|Lost connectivity > 15 days||Active||Stopped||Stopped||Allowed||Allowed|
|Lost connectivity > 15 days||Expired||Stopped||Stopped||Allowed||Allowed|
|Lost connectivity > 15 days||Deprovisioned||Stopped||Stopped||Stopped and Azure recovery points deleted||Stopped|
Recovering from loss of connectivity
If a firewall or a proxy is preventing access to Azure, add the following domain addresses in the firewall/proxy profile allow list:
Once connectivity to Azure is restored to the Azure Backup Server, the Azure subscription state determines the operations that can be performed. Once the server is Connected, use the table in Network connectivity to see the available operations.
Handling subscription states
It's possible to change an Azure subscription from Expired or Deprovisioned state to Active state. While the subscription state is not Active:
- While a subscription is Deprovisioned, it loses functionality. Restoring the subscription to Active, revives the backup/restore functionality. If backup data on the local disk was retained with a sufficiently large retention period, that backup data can be retrieved. However, backup data in Azure is irretrievably lost once the subscription enters the Deprovisioned state.
- While a subscription is Expired, it loses functionality. Scheduled backups do not run while a subscription is Expired.
The article, Preparing your environment for DPM, contains information about supported Azure Backup Server configurations.
You can use the following articles to gain a deeper understanding of workload protection using Microsoft Azure Backup Server.